The FBI has charged an Iranian hacker named Behzad Mesri for hacking HBO and leaking unaired episodes of multiple shows, including the highly popular series Game of Thrones. In May, the hacker, who went by the pseudonym "Skote Vashat" or "Mr Smith", stole 1.5TB of data from HBO, demanding a $6m Bitcoin ransom.
Mesri is not a run-of-the-mill hacker and is believed to have ties to the Iranian military. According to the US Department of Justice's (DoJ) indictment, Mesri worked "on behalf of the Iranian military" to carry out attacks against military and nuclear systems of other nations.
The hacker has also sometimes targeted Israeli infrastructure on behalf of the Iranian military. Besides, Mesri has been an intermittent member of the Iranian hacker group called Turk Black Hat and defaced hundreds of websites across the globe.
Click here to see the wanted poster the FBI has issued for Mesri's arrest.
"Behzad Mesri, an Iranian national who had previously hacked computer systems for the Iranian military, allegedly infiltrated HBO's systems, stole proprietary data, including scripts and plot summaries for unaired episodes of Game of Thrones, and then sought to extort HBO of $6 million in Bitcoins," Acting Manhattan US Attorney Joon H Kim said in a statement.
"Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice. American ingenuity and creativity is to be cultivated and celebrated -- not hacked, stolen, and held for ransom. For hackers who test our resolve in protecting our intellectual property -- even those hiding behind keyboards in countries far away -- eventually, winter will come," Kim added.
Can the FBI actually arrest the Iranian hacker?
Despite the DoJ's indictment, it is highly unlikely that Mesri will actually be arrested. The Wired reported that the US currently has no extradition treaty with Iran. This means that until Mesri is on US soil or in a country that is an ally of US with an extradition treaty, he likely will not face any jail time in the US.
"Because Mesri is in Iran we are unfortunately unable to arrest him," Kim told reporters at a press conference on 21 November, Wired reported. "We made the determination we were not likely to get him. We weighed that against sending a message. That was the balancing we did, and we decided now was the right time to do it."
The DoJ did not classify the HBO hack as a state-sponsored attack, despite Mesri's connection to the Iranian military. However, by making Mesri's links to the Iranian government public, the US may have just diminished the likelihood of Mesri being prosecuted against these charges even in Iran.
"I suspect that the Iranian government wouldn't want to lend credence to anything the US government has said," said J Michael Daniel, who served as the Obama administration's cybersecurity coordinate, Wired reported.
Although the DoJ's indictment may not result in an actual arrest, some believe that the move signals the US government's intention to aggressively go after cybercriminals across the globe.
So, what does the indictment mean for Mesri? "Pragmatically, it just means he can't travel to anywhere the US can grab him. They've imprisoned him in his own country," said Tor Ekeland, an attorney who frequently defends high-profile hacker cases, Wired reported. "They've made him a marked man."